It can only protect honest websites from dishonest uploaders. Even if it becomes a requirement for websites advertising on Eroscripts to verify uploads using this service, they could still ignore it for certain uploads, and would only get caught if someone checks manually (which is the status quo).
Outside of websites using it themselves, it can speed up manual checks or potentially semi-automate it if you start scraping sites. If they paywall content you are SOL unless you shove money down their throats or they have a convenient (perhaps LLM-induced :D) lack of security.
A chain of trust is not what I was getting at, the root CA example was just to give an example of revocation lists. I was only suggesting signing the attestation itself with a key, but thinking it on it some more it becomes obvious that key rotation would invalidate all signatures up to that point, rendering the benefit of reduced API load useless.
Attestations don’t expire like TLS certs do; bad idea on my part.
Some other points that came to mind:
Potentially problematic: not all uploaded funscripts are created by the uploader, often they are cut, resynced, remixed or even just format shifted.
If the goal is not necessarily to identify the author, but just the first known public appearance, then this is fine.
You will need really strong UX around that, users losing their keys is a problem i’ve repeatedly observed with matrix e2e encryption.
On that note, do we need each user to sign scripts with their own key? If the goal is to attest authorship, isn’t timestamping the metadata block + action hash serverside enough? I don’t see any reason for someone to falsify the author metadata to credit someone other than themselves.
How will you handle multi-axis scripts? Sign each axis individually? There are cases where L0 is scripted by one person, and other axes scripted by another. Sometimes each axis also has different metadata.
I should have elaborated more. I meant build into eroscripts an automated process to allow creators to auto sign their uploads, This would mean providing their private key via cookie and if a hash (or fuzzy hash) match error occurs it would fail to sign and fail to upload.
That is the crux of all developers. It know it’s possible, just needs TLC.
Funscript has a few versions of the spec. 2.0 handles multi-axis in 1 file so I will likely have to build in versioning logic and handle that appropriately. That’s a problem for future me to figure out.
I think you overestimate the likelihood of false positives.
Lets say we have a script with 200 points in a graph.
2 people have to make the same script with no knowledge of the other script.
Even with the overlapping motives it’s highly unlikely that 2 people will make a script closely enough to trigger the detection.
Would you confidently say that 2 people can make a script that every point is within a 1.5 point average by accident? Like I said, possible, but highly unlikely. Even using point tracking, setting the parameters is unlikely to cause close enough overlap.
We will know for certain what will happen later, and I will do multiple forms of checks and tune variables to minimize false positives and maximize true positives.
I think you might be overestimating how often stolen scripts actually get reuploaded, especially to the same site, but sure I’m the one overestimating things.
A small possibility isn’t zero, and it still needs to be accounted for regardless of how unlikely you think it is.
And my original point still stands. If the similarity threshold is too loose you get false positives, if it’s too tight it’s trivial to bypass. There’s no clean middle ground there.
Also worth considering, AI scripting tools are becoming more accessible and more people are going to start using them. If two people run the same video through the same tool they could end up with nearly identical scripts completely independently. That’s only going to become more common over time, not less.
“Gentlemen, we will chase perfection, and we will chase it relentlessly, knowing all the while we can never attain it. But along the way, we shall catch excellence.”
― Vince Lombardi
Btw give “The Lombardi Rules” a read. It’s a good read. It’s pretty short but it’s fantastic.
Funny you mention chasing excellence, Lombardi also believed in treating every member of his team with equal respect regardless of who they were. I’ve been trying to get action on moving the gay tag out of the group of loli/rape/incest for months now and that was too much to act on because of the coding required, but a cryptographic signing infrastructure is apparently worth chasing perfection on. Interesting priorities.
I’ll tell you what I’ve done.
I took the forum down to install the wizards plugin. I opened a bug report on the plugin developers git and discourse to bring attention to some issues with it.
I partially built part of the wizard but it became clear the plugin was not capable of doing what I wanted.
I recently spoke with one of the mods if they can help with it and we agreed to make the wizard I was trying to make simpler. I was trying to over-engineer, which is admittedly my fault.
I did put the wizard plugin on the back burner because I had to focus on the migration to the new infrastructure.
I then had some personal life issues to deal with and day job things to focus on and then the 2 back to back dramas happened.
I made requests and offered solutions because that’s what community members do. You’re the admin, acting on them is your job, not mine and even if I wanted to there’s not a whole lot more i can actually do. I’m glad there’s been movement on it but that doesn’t change the fact that it took months of repeated requests to get here, and there’s very little actual progress on it.
But I digress, this is a conversation for another thread probably. Good luck with your personal project.
Also, I just want to point out that all of the work you mentioned about tags and wizards and plugins was work you were doing for device tags. I had to literally remind you about the straight/gay tag issue.
It wasn’t a priority over the migration. It’s not a priority over my family, and it’s not a priority over my rent.
It was next on the list for a while and unfortunately had to be sidelined. I’d appreciate if you didn’t lie about it.
It’s not in that group. It’s in this group: https://discuss.eroscripts.com/g/Recommended-Mutes
Intentionally misrepresenting this issue doesn’t make me think you are being faithful in what I do for the forum.
I may have been mistaken about the exact tags surrounding the gay tag, but guro/incest/ageplay are not much better and the optics remain the same.
If you really want to get into this, several solutions were offered in previous threads and dismissed, options that would take very little effort even. Things like creating a new group of gay/straight/bi/trans and requiring one of those for every script upload. That system literally already exists for other tag groups so I don’t know why it requires new onboarding/custom plugins/etc.
If I sound frustrated, it’s probably because I am. I have to deal with this kind of insidious, ingrained, almost invisible homophobia my entire life, the kind where gay people are constantly ‘sidelined’ and ignored. My sexuality is not a fetish.
I’d also like to point out that I am not alone in feeling this way at all.
The sexuality tags are now required. gay, straight, lesbian, and trans are now required, must have at least 1 tag
Edit: solo-male, solo-female, and solo-trans are also added to the list.
If you want more let me know.
